Fast food chain Five Guys has disclosed a data breach affecting job applicants. The company said that an unauthorized party accessed its job application website, potentially exposing the personal information of job applicants who applied online between June 2017 and November 2019. The information exposed may have included names, addresses, emails, and phone numbers, as well as the last four digits of applicants' social security numbers. The company said that it discovered the breach in December 2019 and promptly launched an investigation. It has since secured the website and is working with law enforcement to find out who was responsible for the attack. The company has also set up a dedicated call center to handle inquiries from affected individuals and is offering free credit monitoring and identity theft protection services to anyone affected by the breach. Arti Raman, CEO and founder, Titaniam (she/her), suggests that the best way to approach this situation is to extend empathy to those affected and to reflect on best practices to build resiliency against future attacks:
“It is unclear if the Five Guys data leak was part of a ransomware attack or if someone simply stumbled upon an unprotected cloud storage. The first thing to do, as a community, is to extend empathy to those impacted. When it comes to data breaches and unauthorized access to files, any of us could find ourselves in the midst of a data leak having our PII exposed. With over 65% of attacks rooted in some type of human compromise, attackers can find a foothold in even the best-defended enterprises.
In times like this, it is essential to reflect on best practices so that all can benefit from each others' experiences. In turn, this helps build resiliency based on attacks that have happened and still could happen again.
Based on our work, Titaniam has found that cyberattack immunity is a three-part solution. First, enterprises must look into prevention and detection solutions so that attacks can be stopped before they execute or be identified before infection spreads. Second, data security focuses on preventing large-scale data exfiltration. This can be achieved through encryption at rest, in transit, and, most importantly, encryption-in-use. Encryption-in-use is an extremely powerful new technology that dramatically reduces ransomware, extortion, and other data-related attacks. This is potentially what can help in the case of unauthorized access to files. Finally, the third piece is backup and recovery. This is in place so that even if attackers successfully bring down systems, these can be recovered without expensive payouts. Implementing a three-part defense helps significantly neutralize attacker leverage and protect data and enterprises.”